Enabling instant user activation?

(Ueih Gnad) #1

Hi,i want to my new users can be instant activation ( not require click to link in activation email)
Could i do that?

(Luke Larris) #2

If you do that, prepare to battle hordes of spammers in the future.

(Jeff Atwood) #3

Yeah as @lukelarris says that would be a bad idea.

(Ueih Gnad) #4

Thanks for your reply,i know it but i prefer other anti-spam method (ex : captcha,random questions…) than that. Email verification not only doesn’t stop spammer but also require more time,. :grin:

Anyway, i want to use 3rd party API to anti-spam (Spamhaus API…)

(Konrad Borowski) #5

From my experience, e-mail verification doesn’t help at all (I don’t use it on certain forum I develop). Spammers provide real e-mail addresses in “e-mail” field anyway, because they expect e-mail verification - practically any forum I’m aware of requires e-mail verification. Having to verify e-mails is no protection at all, as any spam bot can read mails (because e-mail verification is very, very common).

Spammers that aren’t spamming manually (with the poorly paid people), cannot deal with forum systems like Discourse without help of real person. And if Discourse would ever get popular, spammers simply could update their spam bots to support Discourse, and whatever verification it does use, in order to automatically create accounts.

phpBB does have e-mail verfication, but many spam bots simply provide real e-mails, read e-mail, and click link in it in order to create an account. It isn’t difficult for the spam bot to read a mail.

In my opinion, e-mail verification is only annoyance, and it doesn’t protect from actual spammers. Perhaps it did, when such system initially appeared, but it doesn’t anymore. I’m tired of opening e-mail client every time I register anywhere. This is modern board - is e-mail verification really needed? Perhaps instead, e-mails from Discourse should have link to mark e-mail as invalid (for example, if somebody would mistype e-mail address).

(Ueih Gnad) #6

totally agree :grin: i don’t have experience with Ruby on Rails code so i hope Discourse will add this feature,enable captcha and more

(Erhune) #7

It might depend on the domain, but in mine (MMORPGs) I have the first-hand experience that e-mail activation does not prevent at all bots from subscribing. In fact the only reason I see for this is ensuring that the user will receive e-mail notification and - more important - can recover its password.

One nicer way of implementing it is allowing access without e-mail validation, but blocking the user after X days or X posts if he doesn’t verify his email address.

(Sjors) #8

Spambots like Xrumer automatically verify e-mails. E-mail verification is useless against (automatic) spammers and has been for years. Isn’t Discourse immune to these bots already because they can’t cope with javascript challenges? I’m no developer so I haven’t actually checked deeply into the source code.

And if human users really wanted to spam your forum, verifying an e-mail is no issue for them. But if they come back with new accounts from other IP’s it does get easier for them to spam your forum again without e-mail verification.

Maybe it would be a good idea to restrict it to social media logins, since they already have to do some effort to get those accounts created before they could spam.

This seems like a nice solution, allow users to post right after registration but have them eventually verify their e-mail address.

(Alexandre Angelim) #9

This little plugin should help you with instant activation, if anyone is still interested.

I hope it helps


(Allen - Watchman Monitoring) #10

WOW, thank you!!!

@angelim can you confirm this is still working?

(Richard Hulse) #11

One problem with this is that it makes it possible to sign up with an invalid email. The person may never realize and that’s a shame as email is used a lot for notifications to draw people back into community discussions.

(Allen - Watchman Monitoring) #12

Right now in our closed discourse, people are missing emails because even after I approve them, they aren’t activated.

If it really is a bad email, then a site admin need to be able to have a way to get reminded that there are inactive accounts to be dealt with

(Alexandre Angelim) #13

@watchmanmonitor sorry but I really can’t tell. I’ve stopped working on discourse a while ago and didn’t follow up how the project progressed. The feature is working on my install, but I haven’t updated since April of 2014.

(Allen - Watchman Monitoring) #14

This feature is pretty close to what @UeihGnad asked, and might even let @angelim upgrade…

I just paste the link into an incognito window, and the new user welcome mail becomes the first email they receive.

(Ugo Chirico) #15

Hi angelim, is your plugin still working on the current version of Discourse?
If so, can you explain me how can I set it in my discourse instance?

(Alexandre Angelim) #16

I’m afraid it doesn’t work anymore, @Ugo_Chirico

Auto-activate new users

Sorry to dig this up @196 days old, but is there any update on this? I totally agree that e-mail validation does not stop spammers. Is there a way to just automatically activate accounts without email validation?

(Sam Saffron) #18

No plans to build this setting in any of our upcoming releases

(RĂ©gis Hanol) #19

That said, it’s something that is doable in a plugin if you desperately need it :wink: